Keep networked XP off internet

Through the years of reading about security and infection I have learned that some infections once in one part of a network LAN (Local Area Network)
will go through the system to just about anything that is hooked to it that has a drive or memory of some sort.

Years ago it was top dollar printers use by corporations. These printers have drives and memory. These printers were used by many work stations using LAN. The infection would allow the bad guys to read everything that was printed because they were stored on the printer drive.

The bad guy's are not dumb, they are smart crooks.
In my opinion any piece of equipment that hooks to another piece of equipment in any fashion can pass on and share infections.
As Nigel points out the best thing to do is stop the infection from getting into the network and sharing. If it takes added security for each computer so be it.

Wanacry might still sneak into one of my systems even though my protection should stop it from happening.
Wanacry still can't get to my backup and clones because those drives are not hooked up to my systems. Therefor they are not part of the LAN.

Also remember if your system share using Wifi, infection will also be shared using Wifi.
I personally don't use any kind of Wifi. It's disabled on my systems.

Jack

There is a common mantra that goes around the computer enthusiast community that states that you should firewall your system at the point of entry - the Modem/Router, and not worry about firewalling internal devices. Experience has taught me that the internet connection is not the only weak link in any system, the major weakness is unfortunately an essential - The user, and once an infection is in a network that only has external protection it's free to cause mayhem at it's leisure.

Good practice is a start point for security, as has been stated, disconnect backup devices after use, and treat each device as if it were a standalone system connected directly to the internet. Include a firewall, (Inbound and outbound rules on bothe internet and local addresses), HIPS System, Windows UAC will suffice here but additional checks of unusual process activity is useful, Antivirus, antimalware

On critical systems it's also an idea to consider sandboxing all new installs and transfers into the lan, including USB sticks and portable devices.

For most enthusiast systems there is probably not enough value to make them serious targets for the really nasty scum who infest the industry but the fact is that the malware writers are not always that good, so there is always a risk of collateral damage, to unintended targets.

THings have changed in recent years, it's not the Kid in Computer club who wants to show off - It's the organised criminals with a lot of money who are prepared to invest to get more money

Totally agree Nigel.
The crooks come at ones computer using many different methods.
Those of you that have worked with large LAN's and Domains know a lot more than I do about such things.

My home systems are small enough not to be targeted by big time crooks but big enough to get infected if I'm not careful.

A simple thing like plugging in a friends thumb drive or DVD can cause all kinds of hell.
The friend didn't intend to cause your system problems but at that stage intent doesn't matter.
One must be careful all the time what is or is not connected to their computers.

I have read (I think it was on this forum) a member found a thumb drive and plugged it into their system and got infected. Why would one do such a thing?

In today's world of portable devices calling home or plugging into a domain or network has got to be very difficult for today's business I.T. department to verify and check for infections with thousands of employees using their systems. It's mind boggling to me.
I'm luck; I only have to worry about me doing dumb things.

How many people plug in the poorly protected cell phone into their home system and transfer something and think nothing about it?
I do wonder at times how the general public keep anything secure.

Jack

BD A-V, + Malwarebytes Anti-Exploit + BD Anti-Ransomware running resident on both. In 22 years of computing, I've had an occasional Trojans, occasional pieces of adware, no viruses.

Thanks, Barman

Layback Bear said:

Through the years of reading about security and infection I have learned that some infections once in one part of a network LAN (Local Area Network)
will go through the system to just about anything that is hooked to it that has a drive or memory of some sort.

Years ago it was top dollar printers use by corporations. These printers have drives and memory. These printers were used by many work stations using LAN. The infection would allow the bad guys to read everything that was printed because they were stored on the printer drive.

The bad guy's are not dumb, they are smart crooks.
In my opinion any piece of equipment that hooks to another piece of equipment in any fashion can pass on and share infections.
As Nigel points out the best thing to do is stop the infection from getting into the network and sharing. If it takes added security for each computer so be it.

Wanacry might still sneak into one of my systems even though my protection should stop it from happening.
Wanacry still can't get to my backup and clones because those drives are not hooked up to my systems. Therefor they are not part of the LAN.

Also remember if your system share using Wifi, infection will also be shared using Wifi.
I personally don't use any kind of Wifi. It's disabled on my systems.

Jack

No wi-fi EVER, and I've kept my networks safe for many years. Yes, I have an image of my primary puter on an external drive.

No smart-phone, just a flip-phone, no other portable devices.
Never borrow USB drives or any devices from friends.
I'm the 71-year-old kid in the computer club, and I've been there 22 years.

I'm thinking of installing Win 7 on the older puter too. It's been a reliable machine with the spirit of a young whippersnapper.

I think the general public can't keep their systems safe. I would say the majority don't belong to PC groups or ask for help online. Someone told me today that when she has an issue, she asks her teenage son for help. Riiiiiiiight! I hear a lot of that.